Re: F30: System-Wide Change proposal: DNF UUID

On 2019-01-08 18:13, Robert Marcano wrote:
> On 1/7/19 2:28 PM, Matthew Miller wrote:
>> On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
>>>> * The Fedora community cares about privacy and is averse to tracking
>>>> measures. We don't want to track; just count.
>>> Uh, so what's the story there? i mean, if you pass over the uuid you
>>> make clients trackable, regardless if you want to make use of that or
>>> not...
>>
>> Not if we don't keep them for long. One idea is to rotate them fairly
>> frequently. But this is mostly a statement of intent and might be more
>> about how we build the backend than about what we force in the client.
>
> If the client generates a new UUID every month (for example), or uses
> the current month in the UUID generation algorithm, there is no need
> for the users to trust that the server is removing the logs is true.
Of course there is. It's rather trivial to correlate the previous UUID
to the new one when you also have access to the corresponding IP addresses.

Then implement some kind of ping service that sends that frequently
changed UUID over an anonymizing network, maybe Tor.
It doesn't have to run all the time; it could be a monthly timer that starts
a small instance of a Tor client and sends the ping with the monthly
UUID. I am elucubrating here, but this could be refined.
Now, how to avoid fake pings? The same can occur with fake update
requests used for approximating current installation counts.

You need to be serious about data collection and approach it with a
security mindset, “how could I hijack the system and betray users' trust”,
not “of course my data users are good, they will never try anything evil,
I can collect everything I get my hands on and think later” (the kind of
credulous US thinking that gave us Cambridge Analytica).
That’s what the GDPR is about. It’s *your* responsibility as data
collector to think about how data could be used, it’s *your* problem to
protect it, it’s *your* problem if it’s misused; you cannot make it
available on a platter for others to do evil things with and claim it’s
those people’s problem.